Agenda

The overall goal of the workshop is to produce a final report that contains as complete a specification as possible for three or more potential competitions. As the agenda shows, over the course of the three days the individual tracks, or teams, are scheduled to meet separately for only 11 hours or so. That is not a lot of time to accomplish these tasks. It is hoped that by the team reports at the end of each day the teams will have made progress roughly along these lines:

Tuesday: Identify the competition(s) to be investigated (no more than two per track); characterize the participants and their rights

Wednesday: Complete the specification of the competition(s) (see the numbered list below for guidance)

The moderators and the I3P staff will be completing the final report on Friday morning for submission to NSF soon thereafter.

Fun Stuff

Bob Blakley's photos of the participants. If you see a picture of yourself that you like, you have Bob's permission to use it in any way you want free of charge and without requirement for attribution. If you'd like to download the large-size file of your picture, click the picture to go to its photo page. Then click the magnifying glass icon labelled "all sizes" above the picture, and select the "Original" link which will appear. Finally, click the "Download the original size" link immediately above the photo, and you'll get the file.

NOTE: Bob doesn't tag people in photos because he's not sure they'll like the pictures or want to be identified in public. But if you are comfortable with having your name on your picture, please feel free (and welcome!) to tag yourself. You tag yourself by clicking on the picture to go to its photo page, and then clicking the "add tag" link on the right-hand side of that page. Type your name (enclosed in double quotation marks) into the box that appears, and hit "enter".

Track Goals and Deliverables

Each track is asked to produce a specification for a competition. Topics that will need to be considered include:

A. Particular objectives of the competition

B. Defining Participants

What will be the composition of the candidate pool?

C. Determining participant rights

What are the rules for existing intellectual property, or for intellectual property developed during the competition?

Are there legal issues to address?

Will there be sponsors for the award, process, or competitors?

D. Setting the Rules

What will be the winning criteria?

Objective vs. subjective balance

Application: First to complete, best of a group at deadline, all entries above a set bar, hybrid?

Track Descriptions

Track 1: Foundational Security Components. Moderator: Anup Ghosh

Identify one or more foundational security components to implement in a competition style that will provide foundational security for software applications or systems. Reference systems will be implemented as open source. Red teams may be employed for testing, etc.

Examples:

Establish a trusted path mechanism from human to application that will provide integrity and confidentiality while bypassing keystroke loggers

Track 2: Secure System Implementation. Moderator: George Cybenko

Identify one or more competition concepts that address multi-component systems (MCS) security. Multi-component systems are composed of heterogeneous software elements, hardware platforms, networks, and human operators and users working to accomplish at least one concrete mission, business process or workflow. Competitions can be about implementing specific systems ab initio, implementing specific systems by enhancing COTS products, developing new techniques for analytically reasoning about MCS security properties in the design phase and/or developing new techniques for runtime assurances about MCS security properties during operational use. Evaluations of competitions will likely depend on the type of competition so that red teams, information markets and/or panels of judges could be used. A key outcome of this type of competition is to accelerate workforce growth and technology development in multi-component systems security, not necessarily to build a deployable system.

Track 3: Workforce development. Moderator: Ben Cook

This track will focus on defining the role of competition in building a cadre of secure systems engineering experts. Stagnant student interest in computer science and related fields, coupled with surging demand for highly skilled cyber security specialists, has led to a national imperative to create a more productive cyber education pipeline. The growing complexity of computer hardware and software systems and increasing sophistication of attackers further compound the cyber education challenge - in short, the problem is getting harder and our adversaries are getting better. This track will specifically focus on designing a competition for college students that will stimulate and advance their interest and understanding of secure systems engineering while also fostering fundamental innovation. We'll explore possible models from other fields - from the National Concrete Canoe Competition to the University Nanosatellite Program - and attempt to define one or more compelling competitions that would complement existing activities such as the U.S. Cyber Challenge (largely focused on network defense and forensics skill building) to deepen the talent pool in secure systems engineering.

Questions to be considered include:

What are the appropriate engineering challenge(s) to pose? E.g., a more well-defined problem, such as a secure networked embedded systems implementation, or a more open-ended design challenge, such as concepts for information provenance?

How do we attract and motivate the best student competitors? Recognizing the allure of attacking (and the synergy in security design of bridging the adversarial and defensive mindsets), what is the right balance between defending and attacking in a competition (e.g., student red teamers)?

What's the best way to structure and stand up a successful competition? What are the roles of faculty advisors, student chapters (IEEE, etc.), industry, and other stakeholders?

Suzanne's book (Scotchmer is a prof. of Economics and Public Policy at Berkeley) is pretty much standard reading for anyone interested in learning more about designing incentives---including competitions, contests, etc.---for things we can specify. (It also covers mechanisms for incentivizing things we don't know we want; e.g., forms of intellectual property rights which allow innovators to fight it out in the market.)

A characterization of several prior and continuing competitions, in more than a dozen dimensions, is available in pdf format here; you will need to zoom in a little to read it. I would have uploaded this as an Excel spreadsheet so that you could extend it, but I couldn't figure out how to do that. I would have made it into a single large page of pdf, rather than two pages, but I couldn't make that work either. Still, have a look. --Carl

Eileen's excellent DESSEC X Prize Presentation http://cs.uno.edu/~dbilar/DESSEC_XPrize_Eileen.pptx (look also at the notes). Eileen's outline is a 0th order incubator template: A meta-competition process. We actually have to develop a 1st order template at DESSEC: A continuity/feedback/evolution template that generates 0th order incubator templates: meta-meta-competition. As such: DESSEC workshop is itself a 2nd order template: A meta-meta-meta template.